
Thursday, January 22, 2009

- new: enabled the PE Stuff dialog (still in early stages)
- new: smbios reporting added (misc tools portion)
- update: pid entrypoint code optimised
- update: updated resizing core, and squashed a few bugs
- update: false positive with some anti-virus programs is now fixed (gdata and avast)
- update: folderwatch, task manager, cd/dvd filter driver report, services report and folderlocations all have right-click context menus allowing the data to be saved to file
- update: uninstaller code tweaked - various fixes on some entries that would not uninstall
- update: update portion is now tweaked, a bit better and more futureproof
- update: windows 7 is now detected right and everything is functional (we are windows 7 compatible)

- bugfix: gui issue when run from context menu (log window will be shown)
- bugfix: file open doing nothing bug fixed - happened on WinXP with no service packs
- bugfix: folderwatch - bugfix in window handler, could have caused a lockup in 9x/me systems

today I wanna share a newly written script by me to get some useful info about TheMida / WinLicense protected targets.
- This script can get the exact version release year and the protection
- I also added getting the right section name, VA and name of the file, summarized in a nice message box for the user.
- Included different search methods to get this information for all TM / WL targets.
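As an added illustration of the section-name / VA reporting part of that script (this is not the author's script, and it does not attempt the version-year detection): a small PE section-table parser that flags sections whose names match a marker list and reports each hit as (section name, VA = ImageBase + VirtualAddress). The marker names are assumptions, not taken from the post; the sample PE header is constructed in-line for demonstration.

```python
import struct

# Assumed marker section names (not from the post); replace with your own signature set.
DEFAULT_MARKERS = (b".themida", b".winlice", b"winlicen")

def parse_sections(data):
    """Return (image_base, [(name, va, raw_off, raw_size), ...]) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0] # SizeOfOptionalHeader
    opt = pe_off + 24                                        # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                       # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                     # PE32+
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsec):                                    # 40-byte section headers
        off = opt + opt_size + 40 * i
        name, _vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0"), image_base + vaddr, rptr, rsize))
    return image_base, sections

def find_protector_sections(data, markers=DEFAULT_MARKERS):
    """Return [(section_name, va)] for sections whose name matches a marker (case-insensitive)."""
    _, sections = parse_sections(data)
    return [(name, va) for name, va, _, _ in sections if name.lower() in markers]

def build_sample_pe(section_names, image_base=0x400000):
    """Construct a minimal PE32 header (headers only, no code) for demonstration/testing."""
    pe_off, opt_size = 0x40, 224
    hdr = bytearray(pe_off)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)              # ImageBase
    hdr += opt
    for i, name in enumerate(section_names):                 # one section per 0x1000 of RVA
        hdr += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                           0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    return bytes(hdr)
```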

IDA 5.4 beta

In addition to numerous small and not that small improvements, the new version will have three debugger modules: bochs, gdb, and windbg, selectable on the fly (the active debugger session will be closed, though).

* With the bochs debugger, we offer three different worlds: run-any-code-snippet facility, windows-like-environment for PE files, and any-bochs-image bare-bone machine emulation mode. You can read more about this module in our blog: http://hexblog.com/2008/11/bochs_plugin_goes_alpha.html
* With gdb, x86 and arm targets are supported. Among other things, it is possible to connect IDA to QEMU or debug a virtual machine inside VMWare. We tried it on the iPhone as well. However, while it works in some circumstances, there were some problems on the gdbserver side.
* With windbg, user and kernel mode debugging is available. The debugger engine from Microsoft, which is currently the only choice for driver and kernel mode debugging, can be used from IDA. It can automatically load required PDB files and populate the listing with meaningful names, types, etc. Speaking of PDB files, IDA imports more information from them: local function variables and types are retrieved too, C++ base classes are handled, etc.

The gdb and windbg debugger modules support local and remote debugging. We tried to make the debugger modules as open as possible: target-specific commands can be sent to all backend engines in a very easy and user-friendly way.

As usual, better analysis and many minor changes have been made. If you spend plenty of time analyzing gcc-generated binaries, you'll certainly appreciate that IDA handles its weird way of preparing outgoing function arguments. Now it can trace and find argument copies to the stack with mov statements.

The new IDA will support Python out of the box, thanks to Gergely Erdelyi, who kindly agreed to have the Python plugin included in the official distribution. In fact, the main IDA window will have a command line to enter any Python (or other language) expressions and immediately get the result in the message window.